From 65c84a3583ea4cceb3b4baf70757e62c70a5ccea Mon Sep 17 00:00:00 2001
From: Seena Fallah <seenafallah@gmail.com>
Date: Fri, 17 May 2024 00:09:37 +0200
Subject: [PATCH] ceph-container: keep run dir permission consistent

Make it the same as "Create ceph initial directories" task
and make owner and group 167 for containers so they can write
with ceph user.

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
---
 group_vars/all.yml.sample                           | 2 +-
 roles/ceph-container-common/tasks/prerequisites.yml | 2 +-
 roles/ceph-defaults/defaults/main.yml               | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index 7a086aa89..967280064 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -287,7 +287,7 @@ dummy:
 # must be in octal or symbolic form
 #rbd_client_directory_owner: ceph
 #rbd_client_directory_group: ceph
-#rbd_client_directory_mode: "0770"
+#rbd_client_directory_mode: "0755"
 
 #rbd_client_log_path: /var/log/ceph
 #rbd_client_log_file: "{{ rbd_client_log_path }}/qemu-guest-$pid.log" # must be writable by QEMU and allowed by SELinux or AppArmor
diff --git a/roles/ceph-container-common/tasks/prerequisites.yml b/roles/ceph-container-common/tasks/prerequisites.yml
index 1d062a8d9..4009a3278 100644
--- a/roles/ceph-container-common/tasks/prerequisites.yml
+++ b/roles/ceph-container-common/tasks/prerequisites.yml
@@ -28,7 +28,7 @@
 - name: Ensure tmpfiles.d is present
   ansible.builtin.lineinfile:
     path: /etc/tmpfiles.d/ceph-common.conf
-    line: "d /run/ceph 0770 root root -"
+    line: "d /run/ceph 0755 167 167 -"
     owner: root
     group: root
     mode: "0644"
diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index b4e016df5..ca27c4050 100644
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -279,7 +279,7 @@ rbd_client_directories: true # this will create rbd_client_log_path and rbd_clie
 # must be in octal or symbolic form
 rbd_client_directory_owner: ceph
 rbd_client_directory_group: ceph
-rbd_client_directory_mode: "0770"
+rbd_client_directory_mode: "0755"
 
 rbd_client_log_path: /var/log/ceph
 rbd_client_log_file: "{{ rbd_client_log_path }}/qemu-guest-$pid.log" # must be writable by QEMU and allowed by SELinux or AppArmor